Last week researchers unveiled a new exploit that allows the hijacking of HTTPS connections, the type of connections the world relies on for secure data transfer over the Internet.

Dubbed CRIME (Compression Ratio Info-leak Made Easy), the hack exploits vulnerabilities in Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols when a website uses either Deflate or SPDY, two compression techniques used to reduce server load when using HTTPS. This means not all HTTPS connections can be broken, but connections made with websites that utilize Deflate or SPDY are vulnerable... websites like Gmail, Twitter, and Dropbox. It also means that not all browsers are equal; browsers need to specifically support Deflate or SPDY for the techniques to be used because without browser support, an HTTPS connection to a website cannot use Deflate or SPDY.

Chrome and Firefox used to be susceptible to the CRIME exploit, but both Google and Mozilla quickly issued patches prior to CRIME going public, as the researchers notified them ahead of time. That means you should upgrade Firefox to the latest version. Internet Explorer was never vulnerable to CRIME because it never supported Deflate or SPDY.

Hi Mike, Have both chrome and firefox declared that their upgrades relate to this vulnerability? This article seems to lag behind the release of firefox 15.0.1 a dozen of days.

Please provide the following information before reporting problems:Avant Version; System(also point out it is a 32 or 64-bit OS);IE; Memory Size; CPU Speed; Optional: Firewall; Graphics CardFor the problems hard to replay, could you add me into your MSN or Skype list if you use either of them? The advantage is that you can let us know the situation in the first place by making some screenshots, sharing your screen or explaining the specific problems more clearly when they happen.E-mail: Jasmine#avantbrowser.com(please repalce # with @)MSN: dishmoon#msn.comSkype: JasmineThunder

Jasmine wrote:Hi Mike, Have both chrome and firefox declared that their upgrades relate to this vulnerability? This article seems to lag behind the release of firefox 15.0.1 a dozen of days.

There doesn't appear to be any information on either Mozilla.org or Google.com regarding the exploit or updates to mitigate it. None of the reporting I've found mentions which versions of the engines contain changes that prevent the exploit.

From Wikipedia:

As of September 2012, the CRIME exploit has been mitigated by the latest versions of the Chrome and Firefox web browsers, and Microsoft has confirmed that their Internet Explorer browser was not vulnerable to the exploit.[1] Some websites have applied countermeasures at their end.[6]

Please provide the following information before reporting problems:Avant Version; System(also point out it is a 32 or 64-bit OS);IE; Memory Size; CPU Speed; Optional: Firewall; Graphics CardFor the problems hard to replay, could you add me into your MSN or Skype list if you use either of them? The advantage is that you can let us know the situation in the first place by making some screenshots, sharing your screen or explaining the specific problems more clearly when they happen.E-mail: Jasmine#avantbrowser.com(please repalce # with @)MSN: dishmoon#msn.comSkype: JasmineThunder